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(54) Method and apparatus for public-key cryptography using a secure semiconductor device 

(57) A semiconductor device for storing encryp- 
tion/decryption keys at manufacture in combination with 
digital certificates to ensure secured communications 
between the semiconductor device and another device. 
The semiconductor device comprising a non-volatile 
memory for storing the encryption/decryption keys and 
at least one digital certificate, internal memory for tem- 
porarily storing information input into the semiconductor 
device from the other device and possibly encryption 
and decryption algorithms, a processor for processing 
the information and a random number generator for 
generating the encryption/decryption keys completely 
internal to the hardware agent. 
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Description 

BACKGROUND OF THE INVENTION 

Field Qf ffig invent i o n 

The present invention relates to an apparatus and 
method for data security. More particularity, the present 
invention relates to a semiconductor device storing 
encryption/decryption keys at manufacture and/or sub- 
sequent to manufacture to ensure secured communica- 
tions between a system incorporating the 
semiconductor device and a device in remote communi- 
cations with the system. 

Art Related to the Invention 

In today's society, it is becoming more and more 
desirable to transmit digital information from one loca- 
tion to another in a manner which is clear and unambig- 
uous to a legitimate receiver, but incomprehensible to 
any illegitimate recipients. Accordingly, such information 
is typically encrypted by a software application execut- 
ing some predetermined encryption algorithm and is 
transmitted to the legitimate receiver in encrypted form. 
The legitimate receiver then decrypts the transmitted 
information for use. This encryption/decryption trans- 
mission process is commonly used in governmental 
applications as well as for commercial applications 
where sensitive information is being transmitted. 

Often, encryption/decryption of information is 
accomplished through symmetric key cryptography as 
shown in Figure 1 . In symmetric key cryptography, an 
identical key 1 (i.e., a data string commonly referred to 
as a "symmetric key") is used by both a legitimate 
sender 2 and a legitimate receiver 3 to encrypt and 
decrypt a message 4 (i.e., information) being transmit- 
ted between the sender 2 and receiver 3. Such encryp- 
tion and decryption is performed through well-known 
conventional algorithms such as RAS, DES, etc. and 
transmitted in encrypted form through a public domain 5 
such as a conventional network, telephone lines, etc. 

Although symmetric key cryptography is computa- 
tionally simple, it requires complex key management. 
Basically, each sender needs a different symmetric key 
to communicate with each legitimate receiver, thereby 
making it difficult, if not impossible, to be used by busi- 
nesses having a large number of employees. For exam- 
ple, in a business of 1000 legitimate entities (e.g., 
employees), a maximum of 499.500 (1000x999/2) keys 
would need to be managed, provided that each legiti- 
mate entity is capable of communicating with any 
another legitimate entity within the business. In addition, 
symmetric key cryptography is difficult to implement in a 
network or global environment because there is no 
secure and convenient way of transmitting the symmet- 
ric key from the legitimate sender 2 to the legitimate 
receiver 3. 

Another method of encryption/decryption is to use 



two separate keys (referred to as a "key pair) in which 
a first key fa public key") 1 0 of the key pair is used for 
encryption of a message 12 from a legitimate sender 13 
while a second key ("a private key") 1 1 of the key pair is 

5 used by the legitimate receiver 14 for decryption of the 
message 12 as shown in Figure 2. This method is com- 
monly referred to as "asymmetric" (or public) key cryp- 
tography. One advantage of asymmetric key 
cryptography is that it alleviates the burdensome key 

10 management problem associated with symmetric key 
cryptography. Continuing the above example, the 
number of key pairs required for asymmetric key cryp- 
tography is equal to 1000, the total number of legitimate 
entities. However, in such communications system, it is 

75 known that an illegitimate entity (e.g.. commercial spy) 
may attempt to impersonate a legitimate entity (e.g. 
employee, joint-venturer, etc.) by sending fraudulent 
messages to another legitimate entity for the purpose of 
disrupting work flow or obtaining confidential informa- 
nt? tion. Thus, additional protocols are usually used in the 
asymmetric key system to ensure message and sender 
authentication. 

Authentication of the sender (i.e., verifying that the 
sender of a public key is, in fact, the true owner of the 

25 public key) is a problem when communications are ini- 
tially established between previously unknown parties. 
This problem is commonly avoided by incorporating a 
digital certificate 15 within the transmitted message 12 
as shown in Figure 3. The digital certificate 1 5 is issued 

30 by a mutually trusted authority 16 (e.g., a bank, govern- 
mental entity, trade association, etc.) so that fraudulent 
attempts to use another's public key 10 will simply result 
in unreadable messages. Such mutually trusted author- 
ity 16 depends on the parties involved. For example, two 

35 individuals employed by the same business could both 
trust the certificates issued by a corporate security 
office of the business. Employees of two independent 
business entities, however, would require not only the 
certificates from the respective security offices, but also 

40 the certificates from, for example, some industry trade 
organization that certifies such business entities. This 
digital certificate 16 methodology "binds" a public key 
10 to an entity (e.g., employee). 

In the past few years, there have been many 

45 approaches toward protecting "key" information from 
being obtained by unauthorized persons. One such 
approach is employing mechanical security mecha- 
nisms, particular for portable computers which can be 
more easily appropriated. For example, certain compa- 

50 nies have introduced a "secure" laptop using a tamper- 
detection mechanism to erase the key material if the 
laptop's casing is opened without authorization. How- 
ever, there are several disadvantages associated with 
mechanical security devices. 

55 A primary disadvantage associated with mechani- 
cal security mechanisms is that they may be circum- 
vented through reverse engineering. Another 
disadvantage is that mechanical security mechanisms 
are costly to design and fabricate. Another disadvan- 
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tage is that they are subject to accidental erasure of key 
information. 

As a result, a number of companies are simply rely- 
ing on the software application to utilize encryp- 
tion/decryption protocols. However, as technology 
rapidly evolves, these encryption/decryption software 
applications place unnecessary limitations on transmis- 
sion speeds of a communication system since the 
speed of encrypting or decrypting information is corre- 
lated to the execution speed of the instructions. 

This approach for employing specific hardware into 
the customer's system to protect such keys from disclo- 
sure is also used in the rapidly growing area of "content 
distribution", namely the electronic distribution of infor- 
mation. Some known content distribution systems 
include (i) selling software via modem or other elec- 
tronic means and (ii) selling portions of information dis- 
tributed by compact disc ("CD"), etc. Such electronic 
sales often depend on the use of decryption keys to 
"decode" the specific data involved. For example, a cus- 
tomer may have free access to a CD containing many 
files of encrypted data, but to actually purchase a spe- 
cific file, he buys the corresponding "decryption key" for 
that file. However, a primary problem with using specific 
hardware to protect the keys is that such hardware 
requires complete management and control by the infor- 
mation supplier to prevent any potential unauthorized 
uses. 

BRIEF SUMMARY OF THE INVENTION 

Based on the foregoing, it would be desirable to 
develop a semiconductor device having at least a 
processing unit and a non-volatile memory element for 
storing a public/private key pair at manufacture and at 
least one digital certificate at manufacture and/or sub- 
sequently thereafter to provide more secured communi- 
cation between one system incorporating the 
semiconductor device and another remote system. 
Accordingly, it is an object of the present invention to 
provide a semiconductor device which substantially 
reduces the risk of accidental disclosure of the pub- 
lic/private key information to an illegitimate recipient. 

Another object of the present invention is to provide 
a semiconductor device capable of internally generating 
a unique public/private key pair. 

A further object of the present invention is to pro- 
vide a semiconductor device for storing the private key 
to prevent any usage of the private key outside the oth- 
erwise unsecured semiconductor device. 

Yet another object of the present invention is to pro- 
vide a semiconductor device for securing storage and 
usage of the public/private key pair within an integrated 
circuit to substantially prevent detection of the key pair 
through reverse engineering. 

Another object of the present invention is to provide 
a semiconductor device storing a unique digital certifi- 
cate for use in remotely (electronically) authenticating 
the device and identifying the specific unit. 
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Another object of the present invention is to provide 
a device that, through its features of uniqueness and 
self authentication, can perform guaranteed functions 
on behalf of a remote entity (such as a content distribu- 
s tor). 

Another object of the present invention is to provide 
a cost-effective device for securing data communica- 
tions and storage. 

The semiconductor device is a hardware agent 

10 comprising a processing unit for performing operations 
for identification purposes, a memory unit having at 
least non-volatile memory for storage of a unique pub- 
lic/private key pair and at least one digital certificate ver- 
ifying the authenticity of the key pair, memory for 

15 storage of cryptographic algorithms and volatile random 
access memory for storage of temporary data. The 
hardware agent further includes an interface in order to 
receive information (encrypted or decrypted) from 
and/or transmit information to other device(s). 

20 

BRIEF DESCRIPTION OF THE DRAWINGS 

The objects, features and advantages of the 
present invention will become apparent from the follow- 
25 ing detailed description of the present invention in 
which: 

Figure 1 is a block diagram illustrating a conven- 
tional symmetric key encryption and decryption 
30 process. .[ 

Figure 2 is a block diagram illustrating a conven- 
tional asymmetric key encryption and decryption 
process. 

35 

Figure 3 is a block diagram illustrating a digital cer- 
tification process from a trusted authority. 

Figure 4 is a block diagram of a computer system 
40 incorporating an embodiment of the present inven- 
tion. 

Figure 5 is a block diagram of an embodiment of 
the present invention. 

45 

Figure 6 is a flowchart illustrating the method for 
implementing a key pair and digital certificate into a 
semiconductor device. 

so Figure 7 is a flowchart illustrating the operations of 
the hardware agent. 

Figure 8 is a flowchart illustrating remote verifica- 
tion of the hardware agent using second level certi- 
55 fication. 

DETAILED DESCRIPTION OF THE INVENTION 

The present invention relates to a hardware agent 
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and its associated method of operation directed toward 
securely storing and using a public/private key pair and 
at least one digital certificate within the hardware agent 
itself. This digital certificate may include a "device certif- 
icate" being a digital certificate provided by a manufac- 
turer of the device signifying the legitimacy of the 
device, a "second level certificate" being a digital certif- 
icate from a trusted third party or a collection of both 
certificates. In the following description, numerous 
details are set forth such as certain components of the 
hardware agent in order to provide a thorough under- 
standing of the present invention. It will be obvious, 
however, to one skilled in the art that these details are 
not required to practice the present invention. In other 
instances, well-known circuits, elements and the like are 
not set forth in detail in order to avoid unnecessarily 
obscuring the present invention. 

Referring to Figure 4, an embodiment of a compu- 
ter system 20 utilizing the present invention is illus- 
trated. The computer system 20 comprises a system 
bus 21 enabling information to be communicated 
between a plurality of bus agents including at least one 
host processor 22 and a hardware agent 23. The host 
processor 22, preferably but not exclusively an Intel® 
Architecture Processor, is coupled to the system bus 21 
through a processor bus interface 24. Although only the 
host processor 22 is illustrated in this embodiment, it is 
contemplated that multiple processors could be 
employed within the computer system 20. 

As further shown in Figure 4, the system bus 21 
provides access to a memory subsystem 25 and an 
input/output ("I/O") subsystem 26. The memory subsys- 
tem 25 includes a memory controller 27 coupled to the 
system bus 21 to provide an interface for controlling 
access to at least one memory device 28 such as 
dynamic random access memory ("DRAM"), read only 
memory ("ROM"), video random access memory 
("VRAM") and the like. The memory device 28 stores 
information and instructions for the host processor 22. 

The I/O subsystem 26 includes an I/O controller 29 
being coupled to the system bus 21 and a conventional 
I/O bus 30. The I/O controller 29 is an interface between 
the I/O bus 30 and the system bus 21 which provides a 
communication path (i.e., gateway) to allow devices on 
the system bus 21 or the I/O bus 30 to exchange infor- 
mation. The I/O bus 30 communicates information 
between at least one peripheral device in the computer 
system 20 including, but not limited to a display device 
31 (e.g., cathode ray tube, liquid crystal display, etc.) for 
displaying images; an alphanumeric input device 32 
(e g., an alphanumeric keyboard, etc.) for communicat- 
ing information and command selections to the host 
processor 22; a cursor control device 33 (e.g., a mouse, 
trackball, etc.) for controlling cursor movement; a mass 
data storage device 34 (e.g., magnetic tapes, hard disk 
drive, floppy disk drive, etc.) for storing information and 
instructions; an information transceiver device 35 (fax 
machine, modem, scanner etc.) for transmitting infor- 
mation from the computer system 20 to another device 



and for receiving information from another device; and a 
hard copy device 36 (e.g., plotter, printer, etc.) for pro- 
viding a tangible, visual representation of the informa- 
tion. It is contemplated that the computer system shown 

5 in Figure 4 may employ some or all of these compo- 
nents or different components than those illustrated. 

Referring now to an embodiment of the present 
invention as shown in Figure 5, the hardware agent 23 
is coupled to the system bus 21 to establish a com muni - 

10 cation path with the host processor 22. The hardware 
agent 23 comprises a single integrated circuit in the 
form of a die 40 (e.g., a micro-controller) encapsulated 
within a semiconductor device package 41, preferably 
hermetically, to protect the die 40 from damage and 

15 harmful contaminants. The die 40 comprises a process- 
ing unit 42 coupled to a memory unit 43, a bus interface 
44 and a number generator 45. The bus interface 44 
enables communication from the hardware agent 23 to 
another device (e.g., the host processor 22). The 

20 processing unit 42 performs computations internally 
within a secured environment within the die 40 to con- 
firm a valid connection with an authorized receiver. 
Such computations include executing certain algorithms 
and protocols, activating circuitry (e.g., the number gen- 

25 erator 45 being preferably random in nature) for gener- 
ating a device-specific public/0rivate key pair and the 
like. The processing unit 42 is placed within the die 40 
to prevent access of the private key through virus attack, 
which is a common method of disrupting a computer 

30 system to obtain its private key. 

The memory unit 43 includes a non-volatile mem- 
ory element 46 which stores the public/private key pair 
and at least one digital certificate therein. This non-vol- 
atile memory 46 is used primarily because it retains its 

35 contents when supply power is discontinued. The mem- 
ory unit 43 further includes random access memory 
("RAM") 47 in order to store certain results from the 
processing unit 42 and appropriate algorithms. 

Although the hardware agent 23 is implemented as 

40 a peripheral device on the system bus 21 for greater 
security, it is contemplated that the hardware agent 23 
could be implemented in several other ways at the PC 
platform level such as, for example, as a disk controller 
or PCMCIA card to automatically decrypt and/or encrypt 

45 information being inputted and outputted from a hard 
disk Another alternative implementation would be for 
the hardware agent 23 to be one component of a multi- 
chip module including the host processor 22 as dis- 
cussed below. Furthermore, even though the hardware 

so agent 23 is described in connection with PC platforms, 
it is contemplated that such hardware agent 23 could be 
implemented within any input/output ("I/O") peripheral 
device such as within a fax machine, printer and the like 
or on a communication path between a computer and 

55 the I/O peripheral device. 

Referring to Figure 6, a flowchart of the operations 
for manufacturing the present invention is illustrated. 
First, in Step 100, the die of the hardware agent is man- 
ufactured according to any conventional well-known 
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semiconductor manufacturing technique. Next, the die 
is encapsulated within a semiconductor package so as 
to form the hardware agent itself (Step 1 05). The hard- 
ware agent is placed onto a certification system which 
establishes an electrical connection to the hardware 
agent and the certification system (Step 110). The cer- 
tification system is basically a carrier coupled to a 
printed circuit board tor generating and receiving electri- 
cal signals for certification of the hardware agent. The 
certification system includes a device for storage of 
prior generated public keys (e.g., a database) to guar- 
antee unique key generation. Thereafter, the certifica- 
tion system supplies power to the hardware agent 
initiating a configuration sequence. During this 
sequence, the random number generator generates a 
device-specific public/private key pair internally within 
the hardware agent (Step 115). 

The public key of the public/private key pair is out- 
put to the certification system (Step 120) where it is 
^ compared to the storage device of the prior generated 

public keys from previously manufactured hardware 
agents (Step 125). In the highly unlikely event that the 
public key is identical to a prior generated public key 
(Step 130), the hardware agent is signaled by the certi- 
fication system to generate another such public/private 
key pair (Step 135) and continue process at Step 120. 
This process ensures that each public/private key pair is 
unique. The storage device for prior generated public 
keys is updated with this new, unique public key (Step 
140). Thereafter, in Step 145, the certification system 
creates a unique device certificate by "digitally signing" 
the public key with the manufacturer s secret private key 
(i.e. in general terms, encrypting the public key with the 
manufacturer's private key). This certificate is input to 
the hardware agent (Step 150) and the hardware agent 
permanently programs the unique public/private key 
pair and the device certificate into its non-volatile mem- 
ory (Step 155). At this point, the device is physically 
unique and is now capable of proving its authenticity. 
) Referring to Figure 7, a flowchart of remote verifi- 

cation of a hardware agent is illustrated. In Step 200, a 
communication link is established between a system 
incorporating the hardware agent ("hardware agent sys- 
tem") and a remote system (e.g., a system incorporat- 
ing another hardware agent or running software which 
communicates with the hardware agent). The hardware 
agent outputs its unique device certificate to the remote 
system (Step 205). Since the manufacturer's public key 
will be published and widely available, the remote sys- 
tem decrypts the device certificate to obtain the public 
key of the hardware agent (Step 210). 

Thereafter, in Step 215, the remote system gener- 
ates a random challenge (i.e., a data sequence for test- 
ing purposes) and transmits the random challenge to 
the hardware agent system (Step 220). In step 225, the 
hardware agent generates a response (i.e., encrypts 
the challenge with the private key of the hardware 
agent) and transmits the response to the remote system 
(Step 230). Then, the remote system decrypts the 



response with the public key of the hardware agent as 
previously determined from the device certificate trans- 
mitted by the hardware agent (Step 235). In Step 240. 
the remote system compares the original challenge to 

5 the decrypted response and K identical, communica- 
tions between the system and the remote system are 
secure and maintained (Step 245). Otherwise, the com- 
munications are terminated (step 250). At this point, the 
remote system is ensured that it is in direct contact with 

10 a specific device (of known characteristics) manufac- 
tured by a specific manufacturer. The remote system 
can now direct the hardware agent to perform specific 
functions within the target system on the remote's 
behalf. The integrity of these functions and secrecy of 

75 the associated data are ensured. Such functions may 
include receipt and use of content distribution keys, 
maintenance of accounting information, etc. 

With the emergence of content distribution along, 
with other information providing devices, it may become 

20 necessary to provide additional assurances that the 
hardware agent is not a forgery. This can be accom- 
plished by sending the semiconductor device including 
the hardware agent to a reputable third party entity such 
as another trusted authority e.g.. governmental agency, 

25 bank, trade association and the like. In a manner identi- 
cal to that described above, a unique third party digital 
certificate of the third party entity (the "second level cer- 
tificate") is input to the hardware agent. Thereafter, the 
hardware agent permanently programs the second level 

30 certificate accompanied by the public/private key pair 
and possibly the device certificate into its non-volatile 
memory. As a result, the hardware agent is validated 
through both the device certificate and the second level 
certificate to guarantee validity of the hardware agent 

35 and prevent fraudulent manufacture of the hardware 
agent, barring unlikely collusion by the third party entity 
and the manufacturer of the hardware agent. 

Referring to Figure 8, a flowchart of remote verifi- 
cation of a hardware agent including authentication 

40 using a second level certificate is illustrated. In Step 
300, a communication link is established between the 
hardware agent system and the remote system. The 
hardware agent outputs its unique device certificate and 
the second level certificate to the remote system (Step 

45 305). Next the remote system decrypts the device cer- 
tificate using the manufacturer's published public key to 
obtain the public key of the hardware agent (Step 310). 
Similarly, the remote system decrypts the second level 
certificate using a well-published public key of the third 

so party to obtain the public key of the hardware agent 
stored therein (Step 315). 

Thereafter, the two versions of the public key of the 
hardware agent are compared (step 320) and if the two 
versions are not identical, communication is terminated 

55 (Step 325). However, if the two versions are identical, 
the remote system generates a random challenge and 
transmits the random challenge to the hardware agent 
(Step 330). The hardware agent generates a response 
i.e., the challenge encrypted with the private key of the 
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hardware agent (Step 335) and transmits the response 
to the remote system (Step 340). The remote system 
then decrypts the response with the public key of the 
hardware agent previously transmitted by the hardware 
agent (Step 345). As in Step 350, the remote system 
compares the original challenge to the decrypted 
response and if identical, communications between the 
system and the remote system are secure and main- 
tained (Step 355). Otherwise, the communications are 
terminated (step 360). 

The present invention described herein may be 
designed in many different methods and using many dif- 
ferent configurations. While the present invention has 
been described in terms of various embodiments, other 
embodiments may come to mind to those skilled in the 
art without departing from the spirit and scope of the 
present invention. The invention should, therefore, be 
measured in terms of the claims which follows. 

Claims 

1 . A semiconductor device comprising: 

processing means for processing information 
within said semiconductor device; 
first storage means for storing a uniquely des- 
ignated key pair and at least one digital certifi- 
cate, said first storage means being coupled to 
said processing means; 
second storage means for storing at least said 
information processed by said processing 
means, said second storage means being cou- 
pled to said processing means; and 
interface means for enabling communication 
between said semiconductor device and a sec- 
ond semiconductor device, said interface 
means being coupled to said processing 
means. 

2. The semiconductor device according to claim 1, 
wherein said storage means includes non-volatile 
memory for maintaining said uniquely designated 
key pair and said at least one digital certificate even 
in a non-powered state. 

3. The semiconductor device according to claim 2, 
wherein said at least one digital certificate includes 
a device certificate. 

4. The semiconductor device according to claim 3, 
wherein said at least one digital certificate includes 
a second level certificate. 

5. The semiconductor device according to claim 2, 
wherein said storage means further includes ran- 
dom access memory for temporarily storing said 
information. 

6. The semiconductor device according to claim 5 fur- 



ther comprising means for generating said uniquely 
designated key pair, said generating means being 
coupled to said processing means. 

5 7. The semiconductor device according to claim 6, 
wherein said generating means includes a random 
number generator. 

8. The semiconductor device according to daim 7 
10 wherein said interface means includes an interface 
coupled to a bus so as to provide a communication 
link between said semiconductor device and said 
second semiconductor device to enable said semi- 
conductor device to decrypt and store information 
75 transmitted to said semiconductor device from said 
second semiconductor device and to encrypt and 
transmit information from said semiconductor 
device to said second semiconductor device. 

20 9. A semiconductor device for encoding and decoding 
information, said semiconductor device comprising: 

non-volatile memory for storing a uniquely des- 
ignated key pair and at least one digital certtfi- 
25 cate; 

random access memory for storing said infor- 
mation; 

a processing unit for at least internally process- 
ing said information, said processing unit being 

30 coupled to said non-volatile memory and said 

random access memory; and 
an interface for enabling said semiconductor 
device to communicate with at least a second 
semiconductor device, said interface being 

35 coupled to said processing unit. 

1 0. The semiconductor device according to claim 9 fur- 
ther comprising a random number generator for 
generating said uniquely designated key pair, said 

40 random number generator being coupled to said 
processing unit. 

11. The semiconductor device according to claim 10, 
wherein said non-volatile memory is storing a 

45 device certificate. 

12. The semiconductor device according to claim 11, 
wherein said non-volatile memory is also storing a 
second level certification. 

50 

13. The semiconductor device according to claim 10, 
wherein said interface provides a communication 
link between said semiconductor device and a sec- 
ond semiconductor device to enable said semicon- 

55 ductor device to decrypt and store information 
being transmitted to said semiconductor device and 
encrypt and transmit information being transmitted 
from said semiconductor device to said second 
semiconductor device. 
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14. A system comprising: 

memory means for storing at least one encryp- 
tion and decryption program; 
host processing means for executing said s 
encryption and decryption programs; 
bus means for coupling said host processing 
means and said memory means; and 
agent means, being coupled to said bus 
means, for internally decrypting input informa- 10 
tion and encrypting output information, said 
agent means including: 

processing means for processing said 
input and output information within said is 
agent means; 

first storage means for storing a uniquely 
designated key pair and at least one digital 
certificate used for decrypting said input 
information and encrypting said output 20 
information, said first storage means being 
coupled to said processing means; 
second storage means for temporarily 
storing at least said input and output infor- 
mation, and 25 
interface means for enabling secured com- 
munication between said system and a 
remote system, said interface means 
being coupled to said processing means. 

30 

1 5. The system according to claim 1 4, wherein said first 
storage means includes non-volatile memory for 
storing said uniquely designated key pair and said 
at least one digital certificate in a non-powered 
state. 35 

16. The system according to claim 15, wherein said at 
least one digital certificate includes a device certifi- 
cate. 

40 

17. The system according to claim 16, wherein said at 
least one digital certificate further includes a sec- 
ond level certificate. 

18. The system according to claim 15, wherein said 45 
second storage means includes random access 
memory for temporarily storing said information 
and at least one encryption and decryption algo- 
rithm. 

50 

1 9. The system according to claim 1 8 further includes 
means for generating said uniquely designated key 
pair. 

20. The system according to claim 19, wherein said 55 
generating means includes a random number gen- 
erator. 

21 . A system comprising: 
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a memory element for storing at least one 
encryption and decryption program; 
a host processor for executing said encryption 
and decryption programs; 
a bus for coupling said host processor and said 
memory element; and 

a hardware agent, being coupled to said bus, 
for internally decrypting input information from 
a remote device and encrypting output informa- 
tion for transmission to said remote device, 
said hardware agent including: 

a processor for processing said input and 
output information within said hardware 
agent, 

a non-volatile storage element for storing a 
uniquely designated key pair and a device 
certificate both of which are used for 
decrypting said input information and 
encrypting said output information, said 
non-volatile storage element being cou- 
pled to said processor, 
a volatile storage element for temporarily 
storing said input and output information, 
a random number generator for generating 
said uniquely designated key pair, and 
an interface for enabling secured commu- 
nication between said hardware agent and 
said remote device, said interface being 
coupled to said processor. 

22. A method for producing a hardware agent utilized to 
ensure secured communications another remote 
device, said method comprising the steps of: 

placing said hardware agent onto a certification 
system so that said hardware agent estab- 
lishes an electrical connection with said certifi- 
cation system; 

initially supplying power to said hardware agent 
initiating a configuration sequence in which a 
random number generator within said hard- 
ware agent generates a device-specific key 
pair; 

verifying that said device-specific key pair is 
unique; and 

storing said device-specific key pair into a non- 
volatile storage element within said hardware 
agent. 

23. The method according to claim 22, further including 
the steps of: 

creating a unique device certificate; 
inputting said device certificate into said hard- 
ware agent; and 

storing said device certificate into said non-vol- 
atile storage element of said hardware agent. 
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24. The method according to claim 23 further including 
the steps of: 

creating a unique second level certificate; 
inputting said second level certificate into said 5 
hardware agent; and 

storing said second level certificate into said 
non-volatile storage element of said hardware 
agent 
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